The ABCs of securing your wireless network

Sometimes you don't need to know everything about wireless to secure a home or …

Securing your media network

Wireless support is now a common feature in many different types of consumer devices. All current-generation game consoles support wireless connectivity, and it's a built-in feature on any decent laptop, handheld device, or Internet tablet. Wireless networking is on its way to becoming a ubiquitous home technology, but there's a difference between having a home full of network devices and having those same devices happily sharing a single wireless network. It can be difficult to find a single encryption standard that all the devices can agree on.

The table below should be some help the next time you have to synchronize security settings between a mishmash of hardware.

We've listed a number of the most popular Wi-Fi-capable devices above. The good news is that all of them support some kind of encryption. The bad news is that the choice between TKIP and AES complicates the picture a bit. For instance, the Nintendo Wii supports AES for both WPA and WPA2, but not TKIP for WPA2. So if you're looking for maximum compatibility among all your networked devices, your first choice in router settings should be WPA2 (AES) and your second should be WPA (TKIP). Forget about permutations like WPA2 (TKIP) and WPA (AES) and stick with the two options just mentioned.

Unfortunately, the Nintendo DS is the odd man out here, and only includes support for WEP. If you plan on running a wireless network that includes a Nintendo DS, you're stuck on an awful security protocol. This was downright shortsighted on Nintendo's part. The DS itself may have no particular need for strong wireless security, since there's virtually nothing a hacker could do with your DS, even if he broke into it—but as we've already observed, an increasing number of homes deploy a WAP as a general access point for multiple wireless devices. The DS might not need much security, but the same can't be said for the desktop, laptop, and PS3 that might all be sharing the same connection.

Set the DS aside, and WPA is easily the way to go. All of the other devices listed above support it and you'd be hard-pressed to find a router on the market today that didn't include WPA as well. WPA2, however, is still hit-and-miss. The newest encryption standard doesn't share WPA's near-universal backwards compatibility, and some routers on the market may not support it. In all honesty, this shouldn't be much of an issue—WPA2 is more secure than WPA, but WPA is still considered a secure standard, and it's still recommended as a general solution.

Enabling a wireless security standard

Actually enabling a security standard (assuming you don't already run one) is simple. I'll provide a few sample screenshots from a Linksys WRT150 router (802.11n Draft 2.0 compliant); the procedure should be similar on any other product. Drop into the "Wireless Security" of the WRT150 and open the selection tab, and this is what you see:

We're going to ignore WEP, since you really shouldn't be using it, and focus on the various WPA options. WPA Personal (aka, WPA-PSK) and WPA2-Personal are configured more-or-less identically. Select the option, choose your encryption method (TKIP or AES), and enter your chosen encryption key. There should be no need to change the default key renewal time (3,600 seconds) but if you need to do so, you can do that, as well. From this point, all you need to do is configure your various wireless adapters with the same information, and you should be up and running.

Linksys' options for switching to RADIUS mode are a bit misleading. WPA Enterprise and WPA2 Enterprise are the options you'd choose for a RADIUS server using one of those two protocols. The actual RADIUS option refers to a RADIUS server combined with WEP, and probably isn't used much at this point.

Configuring WPA/WPA2 Enterprise is also simple: Choose your encryption standard (TKIP or AES), and punch in the IP address and port number for the RADIUS server that handles authentication, as well as your shared secret. Once you've finished these steps, the router itself should be ready—make the appropriate configuration changes for your wireless adapters, and you're good to go.

Conclusion

It's actually quite easy to secure a wireless network, once you have a handle on what works and what doesn't. Don't waste time manually configuring MAC addresses or disabling DHCP when enabling an appropriate encryption standard is both faster and more effective.

WPA2 (AES) is the best encryption method currently available, followed by WPA2 (TKIP), WPA (AES), WPA (TKIP), and WEP. The relative gap between WEP and WPA, however, is far greater than the gap between WPA (TKIP) and WPA2 (AES). Generally speaking, any router that supports WPA is "good enough" in terms of its overall security. WEP, as we've previously stated, is an "only if you must" protocol, but it's still a better option than transmitting in the clear.

Follow these simple guidelines and you'll soon be leeching off your neighbor's wireless network in peace, confident in your assurance that he can't do the same to you.